The hazards may appear fewer, but don’t get caught asleep at the wheel on the information superhighway.
Or at least, that’s one way to interpret the findings of Resilience’s 2025 midyear outlook. The cyber insurance and risk management firm analyzed its claims portfolio and found that first-half cyber claims dropped by more than half (53%) compared to the first six months of 2024.
Yet the claims data also contained a stark reminder not to sleep on ransomware attacks, which got more expensive, on average. Resilience found that ransomware claim severity increased 20% in the first half of the year.
“Fewer companies are paying ransoms, so more companies are prepared to execute their incident response plans and recover from these types of attacks without feeling like they have to pay the threat actor,” Ann Irvine, Resilience’s chief data and analytics officer, told CFO Brew. But among the companies that aren’t able to stave off ransomware attacks, “costs can still be very large,” she added.
Don’t fall behind on staying ahead. Irvine said it was “awesome” to see fewer organizations falling victim to ransomware schemes. What separates them from those that racked up ransomware losses was their ability to “restore systems from backups quickly and comprehensively,” Irvine said.
“If companies know where their backups are, the backups are recent, and they’re comprehensive, then that’s really the key to executing an incident response plan and getting back to business really quickly,” she continued.
Some companies found out the hard way that, while they had almost everything backed up, one department or large system was either not backed up at all or not recently enough, Irvine said. That can be the difference between being unaffected or being down a long time.
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
To avoid falling into that trap, Irvine said Resilience recommends that organizations put their incident response plans to the test through tabletop exercises. These practice runs should help “make sure all departments are covered [with system backups], not just nine out of 10,” Irvine said. “That last department can really matter.”
According to Resilience data, ransomware accounted for three-quarters of cyber losses in the first six months of 2025. Business interruption from ransomware attacks on a vendor accounted for 15% of losses, and another 8% came from transfer fraud.
Vendor-related cyber losses may sound familiar. Several massive third-party cyber incidents made headlines last year. The CrowdStrike outage, while not caused by a criminal cyber gang, grabbed a lot of attention due to its widespread impact. But ransomware was the culprit behind the Change Healthcare and CDK Global incidents.
These incidents haven’t been as much of a nuisance so far this year. Per the Resilience report, vendor-related cyber claims made up just a quarter of all claims notices in the first six months of this year, and accounted for 8% of all claims where organizations incurred losses (meaning required a payout). This was an improvement on both counts compared to 2024, when vendor incidents accounted for 34% of all claims and 18% of those with incurred losses throughout 2024.
Vendor incidents from last year showed “how exploiting a single point of failure in one company can lead to cascading disruption downstream, affecting entire industries and economic sectors,” Resilience noted in its report.
“These incidents are spotty,” Irvine said. “When they happen they can be super impactful to a lot of companies, and it’s very hard to predict when the next one will occur.”